FCA tells payment services providers to urgently review safeguarding measures

The ‘Dear CEO’ letter (3 page / 179 KB PDF) follows a review of 11 non-bank payment service providers (PSPs) to assess how well they meet the requirements for safeguarding service users’ funds in the Payment Services Regulations 2017 (PSRs) and Electronic Money Regulations 2011 (EMRs).

The regulations make sure that PSPs and electronic money institutions (EMIs) protect customer money by creating a segregated asset pool of relevant funds from which to pay the claims of electronic money holders or payment service users in priority to other creditors if the PSP or EMI becomes insolvent.

The review found that some firms were non-compliant in a variety of areas, and the FCA told firms they should review safeguarding arrangements and the rationale for decisions made, and take “prompt remedial action” if inadequacies were identified.

Financial services regulation expert Andrew Barber of Pinsent Masons, the law firm behind Out-Law, said firms should take the 'Dear CEO' letter and the FCA review seriously.

“The findings from the FCA’s multi-firm review of payment service providers will need to be carefully reviewed by all payments and e-money firms that are required to safeguard customer funds,” Barber said.

“Having highlighted a number of areas where some firms are not meeting the requirements, we can expect the FCA to now start looking at individual firms and potentially taking action if identified issues are not resolved. As the FCA’s 'Dear CEO' letter has only given firms until the end of July to attest to their compliance, firms are going to have to move quickly to identify and fix any problems before the deadline,” Barber said.

The review found that most firms understood which payment services they provided and when they were providing them, but some were unable to explain which payment services they provided in some situations or identify when they were issuing e-money. The FCA said there was also a lack of clarity about when firms were acting as agent or distributor for another EMI.

The FCA said this meant some firms could not accurately identify relevant funds and did not know whether they were safeguarding the correct amount of relevant funds.

The review also looked at safeguarding documentation. The FCA found that firms with good documentation for safeguarding were more likely to be safeguarding appropriately.

However some firms did not have up-to-date policies, and relied on operational process documents which either did not include the rationale for the arrangements or which simply reiterated the regulations and guidance without explaining how systems and controls would ensure compliance, the FCA said.

While some firms covered by the review monitored safeguarding risks regularly and adjusted processes accordingly, others only revisit processes if they identify a breach. The FCA said this meant that these firms did not adequately consider safeguarding when developing new products, leading to inadequate safeguarding processes.

Firms are expected to carry out internal and external reconciliations between safeguarding accounts and the amount that should be safeguarded at least once per business day, but the FCA said some firms were not doing this frequently enough, or did not carry out both internal and external reconciliations.

The FCA said it would be conducting further work on firms’ safeguarding arrangements, and expected to see that firms had acted to review and where necessary remediate their processes. It said it would take “appropriate action” where it found inadequacies in firms’ safeguarding.